If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hmmmm, are any of those SSNs California residents? If so then the company who lost the information has to notify all of their clients that reside in California of the compromise. (If memory serves me correctly)

Just speculating.

The mentally handicaped are persecuted in this great country, and I say rightfully so! These people are NUTS!!!!

I work for a non-profit.... Which I'm sure this is..... This is typical of small non-profits... They have no technical know-how or understanding.... They probably own 1 computer and just got a grant to buy a new one to run software that this one can't run... They can't think of a use for the old one so they just threw it away without a thought for what someone _could_ do with the information held on it.... It's not the way they think....

Contact them, tell them what they did and point out that if anyone other than you had got the machine then the probability is high that the result may have ruined their reputation so badly that they would have been forced out of business. Tell them that you have erased the contents and overwritten them so they cannot be retreived and that the drive will remain in your posession so that the data cannot _ever_ be retreived. Tell them to wipe their drives in future before they throw them away.....

If they give you _any_ crap PM me and I will be very happy to talk with them. They are a very small non-profit, (500 SSN's is small.... I have about 50,000 on my network..... I can convince them to sit down and do the right thing... )

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Originally posted here by Tiger Shark I work for a non-profit.... Which I'm sure this is..... This is typical of small non-profits... They have no technical know-how or understanding.... They probably own 1 computer and just got a grant to buy a new one to run software that this one can't run... They can't think of a use for the old one so they just threw it away without a thought for what someone _could_ do with the information held on it.... It's not the way they think....

Contact them, tell them what they did and point out that if anyone other than you had got the machine then the probability is high that the result may have ruined their reputation so badly that they would have been forced out of business. Tell them that you have erased the contents and overwritten them so they cannot be retreived and that the drive will remain in your posession so that the data cannot _ever_ be retreived. Tell them to wipe their drives in future before they throw them away.....

If they give you _any_ crap PM me and I will be very happy to talk with them. They are a very small non-profit, (500 SSN's is small.... I have about 50,000 on my network..... I can convince them to sit down and do the right thing... )

Just a quick question, TS...why aren't companies like that held accountable for gross negligence in dealing with the improper disposal of company data, which is confidential regardless of profit or not-for-profit? I know that any of them in said company (if this were the case) would definitely not want to have their SSN perused at and used without their knowledge or approval if a computer was found on the side of the road and someone picked it up.

I mean, it's pretty simple IMHO...we didn't know anything about fire as kids, but the minute we touched our hands to the flame or the eye of a stove that was on, we learned not to do that again. Put some hefty fines up and no longer allow "We didn't know" as an excuse...

We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

anything on the curb is public property here in the usa, this includes your trash once you take it out (if its on the sidewalk)

I do not believe you are entirely correct.

I believe what you are referring to is what the courts look at as “abandoned” property. Anything abandoned can be claimed by someone else, with exceptions.

First, it could have been mislaid or misplaced. Under some state laws the finder would have the obligation to return it if they knew who it belonged to, unless the finder was sure it was abandoned. Otherwise it might be incumbent on the finder to contact the owner to determine if it was abandoned.

Second, the property must be abandoned knowingly and voluntarily. You would think that garbage should fit into this category, but that isn't necessarily so. States differ on how they treat their garbage: some consider it abandoned only once it has been mixed in with other garbage, others at the time it is placed at the curb, etc. And some consider the garbage the property of the municipality, especially when it comes to recyclable materials.

I can't get over the stupidity ( I think I've mentioned this before ) of New Jersey. ( This comes from U.S. and N.J. State Supreme Court decisions ). There the Feds can come and take your garbage, look through it, use whatever they find as evidence against you. But for local and state agencies the rules are different: they can take your garbage, but need a warrant to look through it, unless, ( possible exception left open for further consideration in original decision ) they are looking through it to determine if you have thrown away something that should have been saved and put out for recycling!
And no, they can not have the Feds look for them because that would make any evidence tainted because the Feds would now become extensions of the state.

" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

here in CT, no one will bother you...unless they are *****s...technically. it is illegal.

A_T

as for what to do. i say to write a letter to them. make it anonymous so they don't call the police...just in case. let them know that the HDD could have been compromised, but you are going to wipe it by gov't standards and probably destroy the disk (even if you don't, it makes them feel better).
this is similar to finding someone's ATM card in the machine..which i have done. you could withdraw the entirety of the account, and they are insured anyways, so the bank pays. but i destroyed the card, and called the bank to give them the numbers and let them know i destroyed it.

OverdueSpy is correct. If any of the identity information contained on the drive belongs to a California resident, this constitutes doing business in California. This places the entiry under the requirement to report any and all compromises, exposure of information and hacks. Been on the books since last summer, IIRC.

The right thing to do would be to contact the organization. If they give you any static, contact the local media. They will definitely make a big stink about it.

Why not bring it to the police? You make a statement on where and how you found it and give the details of the information you found on it. Then contact the company concerned explaining what you found, how dangerous it is and where you brought the computer. At the same time you could ask them if they want some basic pointers on computer security.
The fact that you brought the computer to the police once you found the information would normally be enought to prove you acted in good faith.

\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
Oscar Wilde(1854-1900)

Dutch public prosecutor Joost Tonino was condemned yesterday for putting his old PC out with the trash. It contained sensitive information about criminal investigations in Amsterdam, and also his email address, credit card number, social security number and personal tax files. Tonino dumped the computer, which he hadn't used for two years, because he thought it contained a virus. The operating system wouldn't start.

A taxi driver found the PC on the steet just outside Tonino's home, got it working again and informed a crime reporter, who yesterday revealed on television what was on the hard disk. Based on information eft on the PC, the reporter also managed to gain access to Tonino's email account.

So you could perhaps go to a major crime reporter person and get something simmilar going...
Makes the public servants mind privacy and security once again..

ASCII stupid question, get a stupid ANSI.
When in Russia, pet a PETSCII.
Get your ass over to SLAYRadio the best station for C64 Remixes !

Originally posted here by AxessTerminated cross: legality on trash picking is state-by-state

here in CT, no one will bother you...unless they are *****s...technically. it is illegal.

A_T

as for what to do. i say to write a letter to them. make it anonymous so they don't call the police...just in case. let them know that the HDD could have been compromised, but you are going to wipe it by gov't standards and probably destroy the disk (even if you don't, it makes them feel better).
this is similar to finding someone's ATM card in the machine..which i have done. you could withdraw the entirety of the account, and they are insured anyways, so the bank pays. but i destroyed the card, and called the bank to give them the numbers and let them know i destroyed it.